File php7-CVE-2019-11048.patch of Package php7

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=main%2Frfc1867.c;h=783eab4175d58301eba03817c9179b0652db9c63;hp=bd01b34cf070fa0d9a41b9d6771280a920a74551;hb=1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87;hpb=bef96b9d2c7330909f43faf4f8ff12c7723bf857

Index: php-7.2.5/main/rfc1867.c
===================================================================
--- php-7.2.5.orig/main/rfc1867.c	2018-04-24 17:10:05.000000000 +0200
+++ php-7.2.5/main/rfc1867.c	2020-05-25 11:13:26.117985003 +0200
@@ -616,7 +616,7 @@ static void *php_ap_memstr(char *haystac
 }
 
 /* read until a boundary condition */
-static int multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes, int *end)
+static size_t multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes, int *end)
 {
 	size_t len, max;
 	char *bound;
@@ -655,7 +655,7 @@ static int multipart_buffer_read(multipa
 		self->buf_begin += len;
 	}
 
-	return (int)len;
+	return len;
 }
 
 /*
@@ -665,7 +665,7 @@ static int multipart_buffer_read(multipa
 static char *multipart_buffer_read_body(multipart_buffer *self, size_t *len)
 {
 	char buf[FILLUNIT], *out=NULL;
-	int total_bytes=0, read_bytes=0;
+	size_t total_bytes=0, read_bytes=0;
 
 	while((read_bytes = multipart_buffer_read(self, buf, sizeof(buf), NULL))) {
 		out = erealloc(out, total_bytes + read_bytes + 1);
@@ -692,7 +692,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
 	char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL;
 	char *lbuf = NULL, *abuf = NULL;
 	zend_string *temp_filename = NULL;
-	int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0;
+	int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0;
+	size_t array_len = 0;
 	int64_t total_bytes = 0, max_file_size = 0;
 	int skip_upload = 0, anonindex = 0, is_anonymous;
 	HashTable *uploaded_files = NULL;
@@ -1126,7 +1127,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
 			is_arr_upload =	(start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']');
 
 			if (is_arr_upload) {
-				array_len = (int)strlen(start_arr);
+				array_len = strlen(start_arr);
 				if (array_index) {
 					efree(array_index);
 				}
openSUSE Build Service is sponsored by